Re: RuffaloCODY Fundraising Management question

["Plesco, Todd" <tplesco () CHAPMAN EDU>]

Hi Walter,

I'm curious what responses/intelligence you may have collected.  We are examining the contract currently and I'm also 
coming up with questions of liability and responsibility.  Any assistance would be greatly appreciated.

Best,
Todd A. Plesco CISM, CBCP
Chapman University, Director of Information Security
Phone: (714) 997-6726/Fax: (714) 744-7041

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Walter 
Petruska
Sent: Friday, June 21, 2013 1:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] RuffaloCODY Fundraising Management question

Thanks, Jon.
I've received many replies which lead me to believe that we've had near-universal experiences leaving us wishing for a 
better standard services agreement from RuffaloCODY.
We're on negotiated version 3, which (surprise surprise) finally nails down language over who is responsible for what- 
and what the delineation is between PCI scopes between RC and USF.
As a way of asking what you ended up with- do you have a picture/drawing or verbal description over what components, 
systems and people are in PCI scope to which party?

On Thu, Jun 20, 2013 at 1:39 PM, Allen, Jon D. <Jon_Allen () baylor edu<mailto:Jon_Allen () baylor edu>> wrote:
We went through a long process on this one. I am happy to talk.

Thanks,

_________________________________
Jon Allen, CISSP, EnCE
Assistant Vice President &
Chief Information Security Officer
254.710.4793<tel:254.710.4793><tel:254.710.4793<tel:254.710.4793>>

[Description: Description: bearawarefinal]
        www.baylor.edu/bearaware<http://www.baylor.edu/bearaware><http://www.baylor.edu/bearaware>

On Jun 20, 2013, at 11:20 AM, "Coffman, Tobiah" <tcoffman () BSU EDU<mailto:tcoffman () BSU EDU><mailto:tcoffman () BSU 
EDU<mailto:tcoffman () BSU EDU>>> wrote:

Walter,

We have RuffaloCODY on our campus.  I have somewhat limited knowledge of the setup, but I can answer what I know and 
try to get answers for anything else.

-Tobey Coffman, CISSP
Director of Information Security
Ball State University

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of Walter Petruska
Sent: Wednesday, June 19, 2013 3:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: [SECURITY] RuffaloCODY Fundraising Management question

Could any of you who have RuffaloCODY as a service provider, operating ON your campus (and therefore within your 
facilities/on your network, etc.) please contact me directly (off-list) for a brief discussion.

The topic is past performance, and specifically, PCI-compliance and where to draw the contract and technology and 
organizational lines to maintain compliance of each party (RuffaloCODY & your institution)
Thanks much-

--
Walter Petruska CISSP, CISA, CGEIT
Information Security Officer
infosec.usfca.edu<http://infosec.usfca.edu><http://infosec.usfca.edu>

[http://www.usfca.edu/images/usflogo_tag_180.png]

University of San Francisco
Lone Mountain North - 2nd Floor
2130 Fulton Street
San Francisco, CA 94117
ITS Help Desk, Phone: 415-422-6668<tel:415-422-6668>



--
Walter Petruska CISSP, CISA, CGEIT
Information Security Officer
infosec.usfca.edu<http://infosec.usfca.edu>

[http://www.usfca.edu/images/usflogo_tag_180.png]

University of San Francisco
Lone Mountain North - 2nd Floor
2130 Fulton Street
San Francisco, CA 94117
ITS Help Desk, Phone: 415-422-6668